
Risk Management


otis

Presentation Transcript


  1. Risk Management: An unexpected Journey

  2. Table of Contents
     • The Threats (Outside)
     • The Vulnerabilities (Inside)
     • The Risk Management Process
     • ISO 27001

  3. Do you know this place?

  4. Threat Landscape
     • Advanced Persistent Threats (APT)
     • State Sponsored:
     • Mandiant Report
     • Stuxnet, Duqu and Flame network worms
     • Hacktivism: Anonymous, LulzSec
     • Organised crime
     • Lack of care, negligence

  5. Too Little, Too Late?
     "We need to concentrate less on building castles and assuming they will be impervious, and more on building better dungeons so that when people get in they can't get anything else."
     Rik Ferguson, Global VP of Security Research, Trend Micro

  6. The Human Factor

  7. The client factor
     • Set expectations
     • Agree on acceptable risk levels
     • Be open and upfront
     • Be prepared to answer difficult questions

  8. Business Impact Analysis and Risk Assessment and Treatment Plan
     • BIA and RATP
     • Test your assets for the impact of a loss of:
       • Confidentiality
       • Integrity
       • Availability

  9. What to do with Risks
     • Mitigate
     • Accept
     • Avoid
     • Transfer

  10. Ideas worth spreading

  11. ISO 27001
